Title of invention: PROFILING CYBER THREATS DETECTED IN A TARGET ENVIRONMENT AND AUTOMATICALLY GENERATING ONE OR MORE RULE BASES FOR AN EXPERT SYSTEM USABLE TO PROFILE CYBER THREATS DETECTED IN A TARGET ENVIRONMENT
Abstract: A computer implemented method of profiling cyber threats detected in a target environment, comprising: receiving, from a Security Information and Event Manager (SIEM) monitoring the target environment, alerts triggered by a detected potential cyber threat, and, for each alert: retrieving captured packet data related to the alert; extracting data pertaining to a set of attributes from captured packet data triggering the alert; applying fuzzy logic to data pertaining to one or more of the attributes to determine values for one or more output variables indicative of a level of an aspect of risk attributable to the cyber threat.
Publication number: US2017085588(A1)  Publication date: 2017.03.23
Application number: US201615337120  Filing date: 2016.10.28
Applicant: CYBERLYTIC LIMITED  Inventors: Laidlaw Stuart;Harold St. John;Hillick Mark
Classification: H04L29/06;G06N7/02  Main classification: H04L29/06
Agency:  Agent:
Main claim: 1. A computer implemented method of profiling cyber threats detected in a target environment, comprising: receiving, from a Security Information and Event Manager (SIEM) monitoring the target environment, alerts triggered by a detected potential cyber threat, and, for each alert: A. retrieving captured packet data related to the alert; B. extracting data pertaining to a set of attributes from captured packet data triggering the alert; C. applying fuzzy logic to data pertaining to one or more of the attributes to determine values for one or more output variables indicative of a level of an aspect of risk attributable to the cyber threat.
Address: London GB